Hi folks, another week in cloud computing done and dusted, as usual we've read all the cloud computing news from the big three; AWS, Azure and GCP again, so you don't have to.
Here at Hava we continue to improve our AWS Diagram Tool as well as adding more capabilities to the Azure and GCP visualizations that are auto generated by Hava.
Amazon Guard Duty now protects your S3 Buckets
This week AWS announced the anomaly and threat detection for Amazon Simple Storage Service (S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3.
This new capability enables GuardDuty to continuously monitor and profile S3 data access events (usually referred to data plane operations) and S3 configurations (control plane APIs) to detect suspicious activities such as requests coming from an unusual geo-location, disabling of preventative controls such as S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions. To detect possibly malicious behavior, GuardDuty uses a combination of anomaly detection, machine learning, and continuously updated threat intelligence.
For your reference, here’s the full list of GuardDuty S3 threat detections.
https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/
Amazon Translate now supports Office documents
Whether your organization is a multinational enterprise present in many countries, or a small startup hungry for global success, translating your content to local languages may be an enduring challenge. Indeed, text data often comes in many formats, and processing them may require several different tools.
Also, as all these tools may not support the same language pairs, you may have to convert certain documents to intermediate formats, or even resort to manual translation. All these issues add extra cost, and create unnecessary complexity in building consistent and automated translation workflows.
Amazon Translate aims at solving these problems in a simple and cost effective fashion. Using either the AWS console or a single API call, Amazon Translate makes it easy for AWS customers to quickly and accurately translate text in 55 different languages and variants, provided of course that the documents are stored in a S3 Bucket
https://aws.amazon.com/blogs/aws/amazon-translate-now-supports-office-documents/
AWS App Mesh - New default mesh configuration
Now you can leverage new default mesh retry policy and connection pool configuration that simplifies building applications resilient to connection errors and improves application scalability.
AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications.
With the new default configuration for your service mesh, your applications will automatically retry calls to services that return Service Unavailable errors up to two times.
This makes your applications more resilient to errors with no additional configuration required. If necessary, you can adjust the retry policy on the routes. Additionally, the new default App Mesh configuration changes the connection pool settings in Envoy proxies, removing the limitation of 1,024 simultaneous connections, requests and retries, enabling building more scalable applications.
Amazon ECS announces Cloudformation support for EFS volumes
This week, Amazon Elastic Container Service (ECS) announced CloudFormation support for adding Amazon Elastic File System (EFS) volumes to ECS tasks. Customers can automate the creation and management of tasks using EFS volumes through infrastructure as code.
ECS tasks using EFS will automatically mount the file systems specified by the customer in the task definition and make them available to the containers in the task across all availability zones in the region. This enables persistent and shared storage to be defined and used at the task and container level in ECS.
Amazon EKS quotas can now be managed through AWS Service Quotas
Amazon Elastic Kubernetes Service (EKS) administrators can now view and manage their EKS quotas through AWS Service Quotas.
AWS Service Quotas helps you to view and manage service quota information centrally for your AWS services. Now you can use the AWS Service Quotas console, AWS Command Line Interface, and AWS SDK to view and update your Amazon EKS quotas, such as the number of clusters and number of managed node groups per account. When you make updates to your EKS quotas with AWS Service Quotas, you quickly see the changes to your EKS quotas in your AWS account. AWS Service Quotas is available at no additional charge.
You can view and manage your Amazon EKS limits through AWS Service Quotas in all commercial AWS regions where EKS is available. To learn more about using AWS Service Quotas to manage your EKS quotas, visit the EKS documentation.
Java Message Service 2.0 over AMQP on Azure Service Bus
Azure Service Bus simplifies enterprise messaging scenarios by leveraging familiar queue and topic subscription semantics over the industry-driven AMQP protocol. It offers customers a fully managed platform as a service (PaaS) offering with deep integrations with Azure services to provide a messaging broker with high throughput, reliable latency while ensuring high availability, secure design, and scalability as a first-class experience.
This week Azure announced preview support for Java Message Service (JMS) 2.0 over AMQP in Azure Service Bus Premium tier. With this, Azure customers can seamlessly lift and shift their Java and Spring workloads to Azure while also modernizing their application stack with best in class enterprise messaging in the cloud.
New best practices to help automate more secure Cloud deployments
As part of this new GCP resource center, Google are publishing a comprehensive new security foundations blueprint to provide curated, opinionated guidance and accompanying automation to help you build security into your starting point for your Google Cloud deployments. The security foundations blueprint was developed based on customer experience and covers the following topics:
Google Cloud organization structure
Authentication and authorization
Resource hierarchy and deployment
Networking (segmentation and security)
Logging
Detective controls
Billing setup
The blueprint itself includes both a detailed best practices guide and deployable assets in the form of customizable Terraform build scripts that can be used to stand up a Google Cloud environment configured per the guidance.
This joins other newly published blueprints with the same goal of best-practice security posture automation for specific apps or workloads.
GCP CAS - Securing applications with private CAs and certificates
Digital certificates underpin identity and authentication for many networked devices and services. Recently, we’ve seen increased interest in using public key infrastructure (PKI) in DevOps and device management, particularly for IoT devices. But one of the most fundamental problems with PKI remains—it’s hard to set up Certificate Authorities (CA), and even harder to do it reliably at scale. To help, GCP announced Certificate Authority Service (CAS), now in beta, from Google Cloud—a highly scalable and available service that simplifies and automates the management and deployment of private CAs while meeting the needs of modern developers and applications.
AWS Container Day at KubeCon
Start off your KubeCon 2020 with AWS at Container Day on August 17th. In this full-day virtual event, AWS will cover how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Virtual sessions throughout the day will consist of technical deep dives, product demos, and product announcements. The AWS Kubernetes team will be streaming on Twitch all day, ready to answer your questions.
To attend the event and live chat with session presenters and AWS experts, register here.
AWS will be hosting Container Day on August 19th and 24th in APAC and EMEA-friendly timezones if you can’t make it on August 17th. To attend the APAC day on August 19th, register here. To attend the EMEA day on August 24th, register here. These additional events will be rebroadcasts, but our experts will be moderating live to chat and answer questions!
To get in touch with the event team, please reach out to awscontainerday@amazon.com.
| 8:00 AM – 8:20 AM | Keynote Bob Wise, GM of Kubernetes at AWS |
| 8:20 AM – 8:40 AM | EKS Roadmap & Vision Nathan Taber, Sr Product Manager, EKS |
| 8:40 AM – 9:00 AM | AWS Controllers for Kubernetes: The AWS universe of services, now Kubeified! Jay Pipes, Principal Open Source Engineer, Kubernetes |
| 9:00 AM – 9:20 AM | Kubernetes Networking on AWS Mike Stefaniak, Sr Product Manager, EKS |
| 9:20 AM – 9:40 AM | Application Networking on Service Mesh Shubha Rao, Principal Product Manager, App Mesh |
| 9:40 AM – 10:00 AM | AWS Inferentia on EKS Mike Stefaniak, Sr Product Manager, EKS |
| 10:00 AM – 10:20 AM | Saying Goodbye to YAML Engineering with the CDK for Kubernetes Nathan Taber, Sr Product Manager, EKS Elad Ben-Israel, Principal Software Engineer, SDKs |
| 10:20 AM – 11:30 AM | Live Containers on the Couch – Q&A |
| 11:30 AM – 11:50 AM | Customizing Managed Nodes groups Jesse Butler, Senior Developer Advocate |
| 11:50 AM – 12:10 PM | Bottlerocket: an Open Source Container Host OS Justin Haynes, Software Development Manager |
| 12:10 PM – 12:30 PM | CloudWatch Container Insights now monitors Prometheus Metrics Sudeeptha Jothiprakash, Principal Product Manager, Cloudwatch |
| 12:30 PM – 12:50 PM | Persistent File Storage for Amazon EKS with Amazon EFS Will Ochandarena, Principal Product Manager, EFS |
| 12:50 PM – 1:10 PM | Running Arm nodes with AWS Graviton on Amazon EKS Michael Hausenblas, Sr Developer Advocate |
| 1:10 PM – 2:00 PM | Live Containers on the Couch – Q&A |
| 2:00 PM – 2:20 PM | Security Best Practices Jeremy Cowan, Principal Containers Specialist SA |
| 2:20 PM – 2:40 PM | CIS Benchmark Paavan Mistry, Sr Developer Advocate |
| 2:40 PM – 3:00 PM | EKS and Fargate, better together Massimo Re Ferre, Principal Developer Advocate |
| 3:00 PM – 3:45 PM | Final Q&A and Closing Remarks |
Google Cloud Next OnAir
Google's 9 Week Digital Event kicks off on July 14th with diverse topics being covered each week. The remaining include:
| Data Analytics | August 11th |
| Data Management and Databases | August 18th |
| Application Modernization | August 25th |
| Cloud AI | September 1st |
| Business Application Platform | September 8th |
Full Information and Session times here: https://cloud.withgoogle.com/next/sf
Azure Virtual Events
Microsoft have a full schedule of Virtual Events
A full list including session times and details are here : https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS Diagram Tool can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email sales@hava.io to book a callback or demo.